Diff: FAQ #1310
Are merchants allowed to request that cardholder data be provided over end-user messaging technologies?
Earlier Version
2014-11-20 20:24:00 UTC
Later Version
2025-08-28 08:52:20 UTC
Removed
Added
PCI DSS does not prevent the use of end-user technologies (such as email, SMS, chat, etc.) to request or receive cardholder data. However, if an end-user messaging technology is used to receive or send PAN, then that entity's channel must be protected according to all applicable PCI DSS requirements, including but not limited to Requirements 4.1 and 4.2 (earlier version) or Requirements 4.2.1 and 4.2.2 (later version). Additionally, the entity's systems related to end-user technologies (for example, e-mail servers) would be in-scope for PCI DSS.
Also refer to the following FAQs:
FAQ 1085: Can unencrypted PANs be sent over e-mail, instant messaging, SMS, or chat?
For guidance on what to do if unencrypted PAN is inadvertently received via an end-user messaging channel, refer to FAQ #1157: What should a merchant do if cardholder data is accidentally received via an unintended channel?